Candidate: CVE-2015-5163
PublicDate: 2015-08-19 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5163
 http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html
Description:
 The import task action in OpenStack Image Service (Glance) 2015.1.x before
 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users
 to read arbitrary files via a crafted backing file for a qcow2 image.
Ubuntu-Description:
Notes:
 mdeslaur> kilo only
Bugs:
 https://bugs.launchpad.net/glance/+bug/1471912
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795453
Priority: medium
Discovered-by: Eric Harney
Assigned-to:
CVSS:

Patches_glance:
upstream_glance: released (2015.1.2)
precise_glance: not-affected (code not present)
trusty_glance: not-affected (code not present)
trusty/esm_glance: DNE (trusty was not-affected [code not present])
vivid_glance: not-affected (1:2015.1.2-0ubuntu1)
wily_glance: not-affected (2:11.0.0-0ubuntu1)
devel_glance: not-affected (2:11.0.0-0ubuntu1)